[Samba] Samba AD member - how to force sync AD attributes?
Viktor Trojanovic
viktor at troja.ch
Tue Aug 18 16:09:06 UTC 2020
I have a setup with a single Windows DC and a couple of Samba member
servers, set up using the AD backend.
I noticed I made a mistake when setting up a group, giving it a gidNumber
that was already in use. So, using ADUC, I quickly changed it to a free
number.
And yet, running the command on a member server, getent group still shows
the number from before the change. 20 minutes later, still the same
picture.
That confuses me a bit. Shouldn't getent query the DC directly? Instead, it
seems to access some cached information that, in this specific case, is no
longer valid. If that's the case, can I somehow flush the cache or speed up
the synchronization? I tried reloading the configuration, restarting all
components (smbd, nbmd, winbind), all to no avail.
By the way, wbinfo shows the correct, updated information.
Viktor
More information about the samba
mailing list